In the claims: 

Following is a complete set of claims as amended with this Response. 

1. (Currently Amended) A method comprising: 

receiving a subscription request at an Internet Service Provider (ISP) from a user 
terminal through an access point of an capable of accessing the ISP using a wireless 
access network; 

assigning a subscription identifier to the user terminal at the ISP in response to the 
subscription request; 

generating at the ISP a service certificate signed by a certificate authority and that 
includes the subscription identifier to identify a subscription of the user terminal with the 
ISP: 

adding the service certificate to a certificate revocation list (CRD maintained by 
the ISP: 

receiving the service certificate from the user terminal at the ISP a service 
certificate sign e d by a certificate authority, the servic e certificate including the 
subscription identifier ; 

checking the service certificate against the against a certificate revocation list 
(CRL) maintained by the ISP; and 

providing from the ISP , to the user terminal, if the service certificate is valid, a 
session certificate to be used to access the wireles s access network through the access 
point , the session certificate having a shorter validity period than the service certificate. 

2. (Currently Amended) The method of claim 1, wherein receiving the service 

certificate comprises receiving the service certificate through the from an access point 

being used by a user terminal to access the wireless access network. 
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3. (Currently Amended) The method of claim 2, wherein checking the service 
certificate d e termining whether the s e rvice c e rtificate is valid comprises searching a 
certificate revocation list at the ISP. 

4. (Currently Amended) The method of claim 1, wherein the session certificate is 
one or more session c e rtificates are each associated with a link-level session available to 
the user terminal. 

5. (Currently Amended) The method of claim 1, wherein the eaeh link-level session 
comprises a PPP session. 

6. (Currently Amended) A method comprising: 

receiving a digital certificate at an a wir e less access point of an a wirel e s s access 
network from a user terminal seeking access to the wir e less access network, the digital 
certificate to be used to authenticate the user terminal; 

determinin g, at the access point, a type of the digital certificate; 

if the certificate is a session certificate, then determining the validity of the digital 
certificate by searching a certificate revocation list (CRL) at the wir e less access point that 
is associated with session certificates; and 

if the certificate is a service certificate, then sending the certificate to an Internet 
Service Provider (ISP) to determine the validity of the certificate. 

7. (Currently Amended) The method of claim 6, wherein determining the type of the 
digital certificate comprises determining the length of the [[the]] digital certificate. 

8. (Currently Amended) The method of claim 6, wherein the validity periods of 
session certificates is shorter than the validity periods of service session certificates. 

9. (Original) The method of claim 8, wherein the CRL associated with session 

certificates is shorter than the CRL associated with service certificates. 
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10. (Currently Amended) A user terminal capable of communicating with an a 
wireless access network, the user terminal comprising: 

a memory to store: 

a service certificate issued by an Internet Service Provider ("ISP") and signed by 
a certificate authority, the service certificate having a first validity period, the service 
certificate corresponding with a subscription of the user terminal with the ISP and 
including a subscription identifier, the service certificate to be used by the wireless access 
network to authenticate the user terminal with the ISP; and 

a session certificate issued by the ISP and signed by the certificate authority, the 
session certificate having a second validity period that is shorter in duration than the first 
validity period, the session certificate corresponding with a session subscribed to by the 
user terminal and to be used by the wireless access network to authenticate the user 
terminal to an a wir e less access point of the wirel es s access network. 

11. (Original) The user terminal of claim 10, wherein the session comprises a link- 
level session. 

12. (Original) The user terminal of claim 11, wherein the link-level session comprises 
a PPP session. 

13. (Currently Amended) A machine-readable medium having stored thereon data 
representing instructions that, when executed by a processor of an Internet Service 
Provider ("ISP"), cause the processor to perform operations comprising: 

receiving a subscription request at an Internet Service Provider (ISP) from a user 
terminal through an access point of an capable of accessing the ISP using a wireless 
access network; 
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assigning a subscription identifier to the user terminal at the ISP in response to the 
subscription request; 

generating at the ISP a service certificate signed by a certificate authority and that 
includes the subscription identifier to identify a subscription of the user terminal with the 
ISP: 

adding the service certificate to a certificate revocation list (CRD maintained by 
the ISP: 

receiving the service certificate from the user terminal at the IS P a service 
certificat e signed by a c e rtificate authority, the service c e rtificate including the 
subscription identifier ; 

checking the service certificate against the against a certificate revocation list 
(CRL) maintained by the ISP; and 

providing from the ISP , to the user terminal, if the service certificate is valid, a 
session certificate to be used to access the wir e less access network through the access 
point , the session certificate having a shorter validity period than the service certificate. 

14. (Currently Amended) The machine-readable medium of claim 13, wherein 
receiving the service certificate comprises receiving the service certificate through the 
from an access point being used by a user terminal to access the wireless access network. 

15. (Currently Amended) The machine-readable medium of claim 14, wherein 
checking the service certificate determining whether th e servico cfirrifimto. is vnliH 
comprises searching a certificate revocation list. 

16. (Currently Amended) The machine-readable medium of claim 13, wherein the 
session certificate is one or mor e s e ssion c e rtificates are each associated with a link-level 
session available to the user terminal. 
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17. (Currently Amended) The machine-readable medium of claim 13, wherein the 
eaeh link-level session comprises a PPP session. 

18. (New) The method of claim 1, wherein the service certificate further includes an 
indication of a grade of service granted to the user terminal for the subscription. 

19. (New) The user terminal of claim 10, wherein the service certificate is 
authenticated by the ISP and the session certificate is authenticated at the access point. 

20. (New) The user terminal of claim 19, wherein the service certificate is 
authenticated using a certificate revocation list (CRL) maintained by the ISP and the 
session certificate is authenticated using a CRL maintained by the access point. 
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